Main menu

Post navigation

A few months ago, I interviewed at Oak Ridge National Laboratory for a joint project they were doing with the U.S. Department of Veterans Affairs. If offered this position, it was going to be a significant reduction in salary for me, about fifty thousand dollars per year, but I was willing and motivated to take the position because of the mission. This project was a big data initiative to identify veterans at risk for suicide and prevent tragedy before it strikes. Given the mission statement and the environment, I felt that this opportunity was a near perfect fit for me. It was almost like I had written the job description for myself.

Linux-VServer is a virtualization platform that allows you to run VPSs without running complete OS environments. It can be argued that Linux-VServer is actually more of a container platform than virtualization, however, you can’t think of it like Docker or LXC containers. From a structural design, I would actually say that they are more similar to Solaris Zones, which are still technically containers, but the functionality is different.

At my current job, I take care of all things systems. That’s infrastructure, security, networking, in-house desktop support, and automation. That’s a lot, I know, but someone has to do it. Nonetheless, it’s a great job. I’ve had a lot of jobs in my life, and this one is definitely top three. That being said, there are a bunch of a-holes in China making my life very hard right now by constantly running DDOS (dynamic denial of service) attacks against our IP address space. They particularly like to target our Joomla and WordPress sites. I’ve been fighting with them off and on for a few weeks now, but this morning, they launched the mother of all attacks against us. This was a geographically distributed, multi-datacenter DDOS attack. They were using in excess of 100 IPs in separate subnets scattered across at least five countries. So how did I fix this? Let’s get into it.

My predecessor at my current company used a platform called check_mk to monitor our network. Unfortunately, check_mk has a feature that populates based on network discovery and can be very chatty. check_mk is also very convoluted as it’s built on top of Icinga, which is built on top of Nagios. When making changes, there were layers and layers of configuration files you had to dig through, at least, in the check_mk instance my predecessor had bequeathed me. Needless to say, I was not a fan and it wasn’t very efficient. I understand why they forked to create Icinga. At the time, Nagios was stagnant. Since then, I feel like the Nagios camp has progressed significantly. I also understand why they forked Icinga to check_mk, but it’s not for me. For the granularity I want in monitoring, check_mk would be more work intensive than Nagios. Continue reading →

I’ve been a Linux Systems Administrator for more than two decades, and I’m intimately aware of what’s necessary to run Linux in the enterprise. I knew after the viral epidemic that is systemd, that the Linux ecosystem was inherently broken, and we needed a change. At that point, I sought out a group of folks identifying themselves as the VUA, or Veteran Unix Administrators. This group is vehemently opposed to systemd and began a fork of Debian without systemd, now known as Devuan (pronounced dev one.) Devuan is still in it’s infancy, only one major release under it’s belt, but it’s a massively capable server platform. My company is now running solely on Devuan Linux for all of our LAMP stack applications. We are even using it for virtualization using vserver. On the desktop side of things, it’s coming along quite nicely as well, but there are definitely some growing pains. My company recently purchased a Dell XPS 15 (9560, 2017) for me, and it came with Ubuntu. I figured it was time to “put my money where my mouth is,” and try to install Devuan on this very new hardware that uses an NVME disk and boots via UEFI. This is a journal of that experience. I’m doing most of this from memory, so there may be some minor typos and/or mistakes. Feel free to reach out if something doesn’t seem correct. Continue reading →

I’ve always been a bit of a nocturnal person. If I had my preference, I would go to bed every morning just shortly after the sun comes up. I know this probably seems weird to many of you, but it’s always been something I’ve struggled with. My circadian rhythm has always been that of a “night owl,” and unfortunately, the rest of the world runs on daylight. Continue reading →

As a migratory systems engineer, I have lived, or stayed extensively, in cities all over my country, The United States of America. Due to this, I belong to many mailing lists and technical groups in CONUS (CONtinental United States.) One of the groups I belong to is the the DCLUG, or more extensively stated, the Washington, DC Linux Users Group. A recent dialogue of correspondence covered a very mundane topic; the topic of “rsync,” and it’s behavior while trying to do incremental copies. A member of the group, a Mr. Michael Henry, replied with a very in-depth answer and I felt it should be recorded for posterity’s sake, as even I, being a Unix/Linux user for over 20 years, learned some rsync nuance from this walk-through. You will find the contents of his reply copied here. Continue reading →